badbazaar | 58ccc0f239241cbcd023a5eb0800786a20df9303854e6365ac66b99038c76d72

Resubmissions

20/05/2024, 06:03

240520-gr8yhaeg33 10

20/12/2023, 10:33

231220-mljpbaadfp 10

Analysis

max time kernel
2261520s
max time network
135s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
20/12/2023, 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

securesmsplus.apk
Size

77.4MB
MD5

30bfd388592873d836f5907c236f18a2
SHA1

606e33614cfa4969f0bf8b0828710c9a23bda22b
SHA256

58ccc0f239241cbcd023a5eb0800786a20df9303854e6365ac66b99038c76d72
SHA512

95ffebc8a14ab7d1030aae6e1eba77423a08fb5f1f64a66af402841358514e462a7e23642e9efd1973a24d9fcd6a313a99f69eb8d1e24436cc3da403964400a0
SSDEEP

1572864:jof7Q89n08GFOS1CqTKliPbRZY3IxKlgLOe2NGv3Qvqm4t4nHq4i:jC5dpKO5qtRZY3Iu22m3QF4t0qL

Score

10^/10

badbazaar infostealer spyware trojan

Malware Config

Signatures

BadBazaar
BadBazaar is an Android spyware used by GREF APT group.
spyware infostealer trojan badbazaar

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.thoughtcrime.securesmsplus

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.thoughtcrime.securesmsplus

org.thoughtcrime.securesmsplus
1⤵
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/242f792e-b1f1-4b97-ab04-cb97b40ea1cc

Filesize
148KB

MD5
0ead52795153cc080623b5c0e6060bdc

SHA1
f9af61a2a375d7ebffbc2f72b958331a3cff56aa

SHA256
56b11c36fd07b2817f209a3b2856adb682353cfdd0ac6e74fbd43bed4bfb2e84

SHA512
50e381433d46cf9d31310f813e4f93af52fb4543afbd16082b58c396ff844a03fb09887fe28f12050a876f20f6aac0066b7f690a30c7283e47211da4679f3635

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/3879542e-2936-47a3-84ea-1d0f6f4fcf02

Filesize
214KB

MD5
0d7cdef87842ed33cc25a9019dd88aca

SHA1
396be911157a4c14098034de1222c76d7a8f1c17

SHA256
0297bcde49c522d5f26a7dbb5aadf7f14371b7b4148d06b500693101b188507e

SHA512
83ea982cab31f86b2b1a5ca79c830a1bedf1846844ed1bd461493da8d8217bb57e991f587254f076b9316c77fdf4a5937ded355436e50c06bddb360dfa4cd40a

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/73ee4020-e938-47a1-8b4a-1a5a8eb7bda8

Filesize
144KB

MD5
f79301db7ea9e6869029db81d5ad07ea

SHA1
b1cc7f845eb96f8aef721b93d5244736515297e4

SHA256
b0aa0683703350253204c40ae9a9e1be8ba609a7eee4eff7a4578ee7fea17c73

SHA512
47e61fadf02c8af6a45ba909f4bed21df1a3343f59e105e7a04a02efda6be8c30619f385950caa91e348eb616d1cbf8f5124a6404925a7ec9ec84767f2ed4f91

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/7fe75007-af64-4b8c-9d68-6671870fd1ad

Filesize
246KB

MD5
a103bb8689a9903c7beb4e54ac897148

SHA1
070918b0e06adb1fcb1f0cfcd5c49a5f07b877ba

SHA256
f51064a6f0f9af58fdfed77d00febc0f5646b11bc04cd24e6ddf8e3b71ccebc0

SHA512
01136e3044907f87f7bc54d227d8ba1bcc50779980688e8fb6eba00081cd35b544cd7d9b08ed41a2c3ef5d0435f9c133d52805ff160849f2437f8d113dfaa8d2

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/aff2256b-a534-439a-9931-4f6b364b32b0

Filesize
228KB

MD5
3d9e67d595914ecf5c562c268a72e9aa

SHA1
3d4762733526e48d1a80437a94cf4b36018df3ed

SHA256
2b7db1d36351530ce2cf613391d3ddd56f2b1c1789d0fa48b259042ce538c382

SHA512
86edabd72e056665b70f1228a5cb43591e287d83cb108d3576fd5052b76e7c578edd77e9cf8a607417c29bc685b2b56f88deaba2ea1cf795aa481f7af414a114

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_emoji/9916f7f0-7c61-48ac-a38a-112497fb1dd5/fd725317-ae57-4c01-99fe-388aa6ad9953

Filesize
288KB

MD5
504a08789facc3a40f03a53a9b6c4ec2

SHA1
4887e0b70ed4aebccfd257c77fcdffa9a5880d2d

SHA256
1e83eb678bf71bc988a8120f2ae02aacc94edaa7478c02f9ed0010ea1475f405

SHA512
41a9c6e3347a302e20a5cecf22ed4db6fccc5b86c973a61b8a97edb92e8dde15436a3bf38edd85b185802d3d8d3fbe70131c368171ed6b63c308b7f94e9c3cec

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/.map

Filesize
109B

MD5
d6566e568f4c3ffe3d7bfd14dec4867f

SHA1
7830ea357b8a0f19240ef95d5c434ab1d9ac6579

SHA256
73c8072e5bd38f6e22579ec3a9442cd64e90c02af1efbd72179b97ec8cf7b2e6

SHA512
8a54e15bd4bcffbc3cdaa2f9143c644d76b9d1ee2d6eedd4c5e8e0ba1c2a7cc4368e8d95d433a6e05e9fe981832c93f7d7199cca9cedad71f5be859a01a153a4

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/.map

Filesize
162B

MD5
5fc95674f0a6625b229fc7dc4464de8a

SHA1
e356aae2778fed228d1e78f6b2341202c068bffc

SHA256
cd8dcd4ce0fd7007f0a8bc434b2046b11f0f12cb08c03924faf86bc80be73573

SHA512
672e04321208728108e134ca3867613578775f54eb6b62cacef50355c5d027b232be145fcf3ab9352c16edf792907dc1869734d28798ff82f879d74b001da377

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/.map

Filesize
105B

MD5
b2fe5174c74f70cece19097c4a365011

SHA1
13999473d9e7e37e2ee250e7e20d16498e3d4444

SHA256
471c042847807cc2bb33a3ef8cd4de17c5137a79b1275d860d6d9ad0ff6ec481

SHA512
892eeb68152318eaca0f27a8f84b543fc763c700aec0a907ca12aad9c91f2364a4ba428fe77b77ec9cb3c075c21853d517e303beacee54b88db4992744f7fc8f

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/60b93a49-bf6a-4d29-b2cc-a551dabf92fd

Filesize
547KB

MD5
2367a2c4f94680d5aea44f06048fff3e

SHA1
41af68b7b2d4a3c1378a1eeb190e0fd8020f02d6

SHA256
aa2d31dea9ce8bd4801ab6a74f0e50707b04efd1ea49f8da58165020abde9c75

SHA512
0a2c11c6bf5a9c48f1a114ffbbede2279f3dbf11fc18b0bafabdeed6d4d9dcfc0e42140f8587edc5d17a17a57d3a805fea11251b7735f7bc569018d6c6a4d34b

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/a08f24b9-12fb-4a37-9ff8-751ae33ee86b

Filesize
56KB

MD5
ad4cd34327721459c11a67b4332c945e

SHA1
9c0742c0bb82288d984a37dd2642f1246e599d17

SHA256
305f941c2fab1d6ee97c5a4460f8653ff4ffec429701e2c9648befa1f593a345

SHA512
0e77745e3cf711c958e443b6b2b1a417dc88023ec1c668a0f7e1f7944c54abe78015a8a94197353ca486ade639352f3fc4e1edc215191b7e7f6fd9ca2f9fcf24

Download Submit
/data/data/org.thoughtcrime.securesmsplus/app_story-fonts/bc57d185-1b96-4149-9322-6b12062585a3/fb8b3d72-7b4b-45c9-bdaf-a39fdb4d17f7

Filesize
95KB

MD5
44850ec0ba405c1c5620ff156b3d624e

SHA1
dda0533f8a46369c980550d9a9c4264d0c90b60a

SHA256
9b54b1da124f3c8175ca6f3eff36bf0476fb2d8b4cd5650f827e8e41d1854820

SHA512
a7703788ccbb585b5c5584582ba704764c97560f283269bdbfc6a3b7c7022d18c84037530c315c4d90250f6e40f6f2ef155ec9f83e27e57c6a5da23ca150c410

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
5abfa216cddc0f85c146ede3a7dc454b

SHA1
25cf8b77f3f18f888f2547975d0fb6869fdd201d

SHA256
842959f63435694a701cd4e70145e71978e4b3e20798f73300b137bb33be8bcc

SHA512
4c13f9d737afc34fd2e8cf6337928db74525748df59d7aea87e02ee03a6a5fa3755771561dfe0c514ab977c02ece5d7c4254bdf975cf82015286623bca24e9a6

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/com.google.android.datatransport.events-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/com.google.android.datatransport.events-wal

Filesize
16KB

MD5
e4715eb1dcd2973e92b42fc665f08494

SHA1
8fa57346ea65f444963bf8e0b30c844839ac7a7f

SHA256
7382888a962cdbccd25c2e74e48e864dd69ada89015e59b17fddf88f13477828

SHA512
10f1336beda2f07759e0a63e468b4e8a928d8b9d6b8bec86d117f602fc13d7548502b9b80c14af41f212d507a61a6b3a9a19e811640d37f6dc29f820952562d5

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-jobmanager.db

Filesize
4KB

MD5
29b8e5a42fd20dcf811864a20453fb16

SHA1
24143325fba64369f01fadeee334e2a833df3191

SHA256
5f35da142b216369bbe6ef7c1164ce17efdcc46a9a6c5b73b1abc25f0654f03d

SHA512
e19fcf473204c9df1dc58bbb39aaac537cc5752877f06279083503cf9f0a1b0d0e71f0ee019b191c905453fcbabf2f41ece332e84b09c602beabc91c75d25308

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-jobmanager.db-journal

Filesize
512B

MD5
f5e0bf566dcd466dc58089c1cb9a0609

SHA1
af581585f58bb0915b53c06b8d5d764f3890cc72

SHA256
7f33b4cbbabb6096b8f44277db3e794f0a607305582611c4fc64a72144968b40

SHA512
88dceb3e9cf31b1f34063d6173fed791ffeac0dc247e4e9c0d717e3ebfb7737a2147e542d81cb08e88cdc195f6f409633f145f065eb1e799c0c5a0f681f86a6d

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-key-value.db

Filesize
4KB

MD5
3d191abb10dda8a0aec8330f293f3fba

SHA1
806bca54158adf5a687c6314f68b6a11834f361d

SHA256
491b2fba63138a2c223dd087ea6b1e746017911c5ae5e31d39eac0e7493b2ef0

SHA512
ecac02cd43c00a8ac17d1596b057a6da59efa33d846b48e08ece23df9a5e37df7abf9291490235686fb03d2898ce7036bf36c5d7922bf25849ff02722c1ff25d

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-key-value.db-journal

Filesize
512B

MD5
33e835b04d673b9265691e4400024813

SHA1
c539dab9c8bf8abb5a9c31c34125be6e4bd8967b

SHA256
4f8c34412333317678c116e85b96cfc0ba74bfc2596d20cbdaec5a3e0d1a3dc4

SHA512
0b5f8360f011aac394513765f22aa762e73fffcc87ecb3c181b81793526aeae33719e99009882a88c17c89656ecf837b12001e9a545087eb168e5344f9784bad

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-key-value.db-wal

Filesize
281KB

MD5
2334aec2be2f8de16eaa17c5892fe8b4

SHA1
1dce938d43d52991946e57714b2ff58e62ed557d

SHA256
e8a5350157cc183d68db9fd2277762027d34fdbe4f5bc684fbfd122ec7cdae6d

SHA512
1cbff465e9a1916569722207993435650123fabea8e8354631a352f641a8cb671d8bb1b4597f47adb48125c8d38a9e1d7af508ae66eda923523affcfb77a527d

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-logs.db-wal

Filesize
52KB

MD5
ce975a271d17016a990d59de681feaaf

SHA1
5b37473d9f824183598f23223dcace321c023102

SHA256
6b7af3ca97af412496168498997a8a4825d77c1624eab6f3541d96104ccf622d

SHA512
a901d2c5f031fec7c5c440e66e94910228b473585ed0440517c268b009fd583b08b2275ca0690e7c2532d2c797735a8312ac0c573f006d0176ac1fbb314fb6d5

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-megaphone.db

Filesize
4KB

MD5
2ecb0f6faa13031303e375c0d0829616

SHA1
f21cbbc8607bc644085fae27ee2f5825f626a9e2

SHA256
f73c9fccd9f20624ce0899c3ec877769b7284687e431f31069f8f6bd1b49609e

SHA512
fbabfdca64d10333f696925b6a4390e3c01299aa07866b923f86e49f0f8f131a80309e668d8f210a5b453e8e4581c6e523b028a74109f4fe6128921404ab2040

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-megaphone.db-journal

Filesize
512B

MD5
0d7222bcf5ecb61d75cd16569f1e5406

SHA1
d2f14980b8b6b6170e5f17234806d2b91dd04dff

SHA256
6a1522a64b5fd18e1044c0b64840b57d04976c5e818259a42c8590870d6f877b

SHA512
7128fae237351481c9656d93150b7af7a3441afa7c0e35defc6ec01e29268e73867b315c77ad89bcf337bb4dfe5ce29bfaecb35c45ed5b31fbde8c3d0dac4be8

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal-megaphone.db-wal

Filesize
32KB

MD5
e222db55d9728f1000f0c074ed9c474f

SHA1
e65e2d80bd319395d658ebf159ef92cda5e8e37c

SHA256
af004f0241e1a637b28ec164cae4191551b0db7c48cb01fda1e73c6a673072be

SHA512
c80015a0c68de3359f2146d2523e0cf7ca733c42c7c73d9f0c62198fa08032f31d04b001cebab7fd6c087fa7798e931c9588a50a090f00ecbc530372303d8114

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal.db

Filesize
4KB

MD5
d0cedc2abf5b89819b40920dcc77e0d2

SHA1
2cf83aea21497920493e36f254d3e1da0c2ee5a0

SHA256
9f724ee0be34a83cb1def0c7adc0e498cda382d9404601cdbbf8cc3e513db181

SHA512
f7d39e2d069548e504a3d2797d26476b800922351d820eea84b7e7cfb006bfd0e392b3bee30d6c18e34de5fee413af16a9e8e7eb7c5c9450cb861572c96e363e

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal.db-journal

Filesize
512B

MD5
3d24175aaef26b3ab3dbe4c47fda4357

SHA1
8a552b0ecfea485b0ba08e06f78d7326906fc4d4

SHA256
1b0d28c3797e58e656901974abb8ad2114d4b65cb2b6ed5fcd06fcfc1ecd6611

SHA512
3a3274c5a3d0e6539ff4dc1f2dfac8a6ff6aee53c1cbe7ff74952512e504978f91331209bab0551e105bedf0fe2b7561e0e8e263a2a53421ab9b7a5e2e514f13

Download Submit
/data/data/org.thoughtcrime.securesmsplus/databases/signal.db-wal

Filesize
563KB

MD5
8509f1df2340c4d941e9b090c8b1c51c

SHA1
1b1ce345df434d18b8696bd1277435e7bd2748a4

SHA256
7eedf1ee9fbc3f92f0b71574ca8a417df2a354613d90365e711dfff43f7684a8

SHA512
ae0eea108f6e81f96ee69550c6b71a0ef7e283ba1a3dc74f2a455f2cd2bafeceecde907f8a19a65620416b32dc70f5ea1d6de86d2805fd4837cb1e48d86e89e5

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads